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May 15, 1985 


Dr. Joseph F. Shea 
Chairman, Space Station Engineering 
and Technology Development Committee 
Aeronautics and Space Engineering Board 
2101 Constitution Avenue, N.W. 
Washington, D.C. 20418 

Dear Dr. Shea: 


Enclosed is the report of the recent meeting in Huntsville on space 
station maintainability. Bernie Maggln and I met with Phil Culbertson, 
members of his space station staff, and representatives from the Office of 
Aeronautics and Space Technology and reviewed the results of the meeting. 


The major purpose of the meeting was, of course, to provide a forum 
where representation from NASA and industry could exchange experiences and 
views on how the maintainability goals of NASA might be achieved with 
acceptable cost. Representatives from a number of non-aerospace organiza- 
tions discussed their experience in dealing with the complex interaction of 
reliability, maintainability, logistics, transportation, and costs. The 
discussions emphasized the need for systems level guidance early in the 
design and development phase. 


Everyone recognizes that NASA is still formulating many of the major 
system level strategies for the space station. The panel did feel, however, 
that given the particular NASA program management structure, it is important 
that system level concepts for maintainability be provided to the Level C 
centers and the Phase B contractors in time to affect the studies under way 
and to provide a common base for the preliminary design effort in the 
latter part of Phase B. Phil Culbertson and the other NASA representatives 
appreciated and understood this concern. 


It was noted at the NASA review that the panel could meet again for a 
more definitive review of the evolving maintainability program, if NASA so 
desired. 


Sincerely , 


Yuu UiLO.( k n 

Lawrence R. Greenwood 
Chairman, Panel on 
Maintainability 
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Preface 


In 1984, at the request of the National Aeronautics and Space 
Administration (NASA), the Aeronautics and Space Engineering Board 
(ASF.B) undertook a study of NASA's space station program. The results 
of this study by the ad hoc committee of the ASEB on Space Station 
Engineering and Technology Development were published this year. NASA 
found the study useful and asked the ASEB to continue examination of 
the evolving space station program through a series of more specific 
studies : 

• maintainability 

• research and technology in space 

• solar thermodynamics research and technology 

• program performance 

• onboard command and control 

• research and technology road maps 

The purpose of this examination of maintainability, the first of the 
series, is to provide comments on approaches to long-term, reliable 
operation at low cost in terms of funds and crew time. 

The panel consisted of selected members of the committee and 
representatives from industry with special knowledge and experience in 
the science, art, and engineering pertinent to maintainability. The 
panel was briefed by NASA staff members involved in the development of 
the space station maintainability program and on questions and issues 
to be resolved. The panel, in roundtable fashion, discussed these 
matters. The deliberations of the panel, following active dialogue 
with the NASA representatives, are presented without attribution in 
this report of the proceedings. 

These proceedings contain a brief synopsis of NASA's presentations, 
including questions and issues; notes on the roundtable discussion; 
and a summary of the panel's observations for NASA's consideration in 
the development of its maintainability program for the space station. 

A set of the NASA presentations is appended for completeness. 
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Introduction 


BACKGROUND 

In 1984 the ad hoc committee on Space Station Engineering and 
Technology Development of the Aeronaut ics and Space Engineering Board 
(ASEB) conducted a review of the National Aeronautics and Space 
Administration's (NASA's) space station program planning. The review 
addressed the initial operating configuration (IOC) of the station. 
The results of the commits* ' a study, released in February 1985, were 
factored into the development of NASA's space station program and its 
request for Phase B (concept and preliminary design) proposals issued 
to industry in September 1984 and awarded this past April. 

NASA found the work of the ad hoc committee very useful and asked 
the ASEB to reconstitute the ad hoc committee to address: 

• onboard maintainability and repair 

• in-space research and technology program and facility plans 

• solar thermodynamic research and technology development program 
planning 

• program performance (cost estimating, management, and cost 
avoidance) 

• onboard versus ground-based mission control 

• technology development road maps from IOC to the growth station 

The objective of the committee's new assignment is to provide NASA 
with advice on ways and means for improving the content, performance, 
or effectiveness of these elements of the space station program. 

In response, the ad hoc committee established individual panels to 
address each subject. The participants of the panels were to come 
from the committee, industry, and universities and thus provide each 
panel with individuals experienced in the area of special interest. 

It was decided that the subjects of maintainability, program 
performance, and onboard mission control would be addressed in round- 
table forums focusing on concepts, system design, and organization. 
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This tack was taken in view of NASA's interest in program definition 
and development and not in program critique at this time. 

It wftr decided that the subjects of research and technology in 
space, solar thermodynamic research and technology development, and 
technology development road maps would be addressed in workshops that 
focus on NASA program activity and plans. 

It was also decided that the deliberations of the panels would be 
reported as proceedings to expedite the documentation and dissemination 
of the information. 


THE MAINTAINABILITY PANEL 

The task statement setting up the maintainability roundtable noted: 

NASA background material will cover such matters as 
design philosophy for the initial and growth station; 
specifications; and station operations and services, 
covering the range of essential to nonessential functions. 
Questions and issues of particular concern and subjects 
that NASA would like the penel to address will also be 
identified. 

Of particular interest to NASA are approaches to 
providing high reliability and long life at low initial 
and operational costs and preservation of crew time for 
mission work. Pertinent are views on design philosophy 
and specifications and the related technology developments 
that will make the achievement that enhances the 
probability of success possible. Pertinent technology 
includes redundancy and failure mode design and 
diagnostics, artificial intelligence, and automated 
repair/replacement . 


The proceedings reported here cover the Maintainability Panel's 
meeting at NASA's Marshall Space Flight Center on March 20-21, 198S. 
The list of panel members, participants, and NASA representatives is 
presented on page iv. The meeting agenda is presented in Appendix A. 
The panel was briefed by NASA representatives; panel participants 
discussed their views on maintainability; the panel engaged in general 
discussion; and then the panel organized into two subgroups. One 
subgroup addressed maintenance concepts; the other, maintenance 
technology; and each considered related NASA questions and issues. 

The subgroup comments were reviewed with the full panel. This 
proceedings report presents the results of this process. The panel's 
observations and comments are noted without attribution. 
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NASA Briefings 


The briefing graphics of the National Aeronautics and Space 
Administration (NASA) representatives are presented in Appendix B. 
The followiag paragraphs summarize this material and include the 
questions aid issues identified by the presentors. Where pertinent, 
related panel comments are included. 


Richard Carlisle, NASA Headquarters — Opening Comments . The panel was 
reminded that the roundtable was intended to be a forum for the 
exchange of ideas. NASA hopes to gain from participants' experience 
and use the information for structuring space station maintainability 
guidelines. Carlisle noted that the space station is different from 
eariUi manned space systems in that it will have a long, indefinite 
li(v the design must allow the crew to use most of its time for 
mission support. Because past NASA programs have had little need for 
attention to onboard maintainability, NASA has not had to give this 
matter much attention. 


Bryant Cramer, NASA Headquarters — Elements t>£ Maintainability and Key 
Questions . The objective of the discussion is to develop an under- 
standing of an optimal approach to space station maintainability. The 
subsystems must have a capability for essentially indefinite life 
through maintenance, exchange, and/or upgrading. The associated work 
load must not affect crew productivity or safety. A possible goal 
might be no more than 3 hours per day per crew me'.sber for a 5-day week. 

Maintenance has engineering, assurance, and operational aspects and 
attributes related to avoiding and facilitating maintenance. 
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Questions related to maintainability reviewed at the meeting and 

contained in an earlier statement by Dr. Cramer,* in summary, are: 

• Maintainability requirements? 

• Process for identifying requirements? Modeling? 

• Driver issues in formulation of plan? 

• Approach to conducting system engineering trade studies? 

• Approach to implementation? 

• Trades between reliability and maintainability? Use of automation? 

• Are maintenance goals identified/assigned to each subsystem? 

• Balance between mean time before failure versus ease of maintenance 
as related to mean time to replacement? 

• Process to determine orbital replaceable unit (ORU) support level? 

• Determination of automation level for high maintainability? 

• Application of human factors engineering? 

• Role of computer modeling? 

• Preservation of maintainability objectives in view of limited 
resources? 

• Maintainability buildup from the initial operating configuration 
(IOC), scarring? 

• Checking for achievement of maintainability objectives before 
flight? 


Richard Storm, NASA Headquarters — Planning Guidelines . The program is 
being approached through dedicated study using the NASA centers and 
study contractors. Development should start in 1987 with the IOC in 
place in the early 1990s» The U.S. cost through IOC is $8 billion. 

The station will be built and sustained through the use of the 
Shuttle providing long-term, continuous service with men. The station 
will have both manned and unmanned elements, be evolutionary, and 
maintainable. 

The reliability /maintainability issues are: 

• maintenance demand versus crew time 

• program priority versus crew time 

• reliability boundary — the most reliable versus lowest acceptable 

• life cycle cost alternatives 

• internal access versus external access 

• software (repair and maintenance) 

• spares availability 

• ORUs stored on board versus on ground 

• safety/safe mode operations 

• sustaining support 

• analytical methodology controversial — lacks credibility 


*Dr. Cramer had prepared a statement on maintainability philosophy and 
issues for the panel prior to the panel meeting. Extracts from this 
statement are appended to his presentation material. 


5 


The approach to resolving such issues encompass actions that result 
in: fail-safe, restorabte design; building "best" state-of-art hard- 

ware; and designing for accessibility/modularity and replaceability. 
Trade studies should address ORU levels and space requirements. 

Studies should also address anticipated maintenance and service 
requirements. 

It will be assumed that the resupply cycle is 90 days, that design 
will be fail-operational/sa£e/restorable with low probability of two 
failures in. critical systems in a 90-day period, and that the prime 
mode of restoration is replacement. 

There are a number of technology development areas that .address 
long life that require attention. They relate but are not limited to 
software, electric power generation, propellant handling, thermal 
devices, life-support equipments, and external operations. 

Some key program challenges include design for permanence, costs 
a.jd schedules, the in-house conduct of systems engineering and 
integration, international integration, and funding constraints. 


Harold E. Benson, Johnson Space Center — Systems Engineering and 
Integration . The maintainability issue for the space station is to 
develop a basic design to allow effective maintenance. In part, due 
to cost constraints, this may be difficult to implement fully as the 
program matures. The operating environment and the fact that the crew 
members are not maintenance and repair specialists put special, 
difficult demands on maintainability. To add to the design problem, 
the station is a long-life system (30 years) with international 
participation. Some issues relate to commonality of hardware/software 
and growth. 

Program management (Level B) will be responsible for the integration 
of the full maintainability plan. This will include integrating and 
scheduling of related effort by Level C according to their assigned 
work packages. This will include related logistics activity. 

The present program plan (Phase B) calls for baseline space station 
configuration selection by the end of the year and documentation of 
design and implementation plans (including maintainability) by the end 
of 1986. 

Costs for providing maintainability are projected to be significant, 
warranting careful assessment and attention. Factors that must be 
considered include initial design, development, hardware, and scarring 
for future modifications; logistics support in space and on the 
ground; and supporting activity. 

Because of environmental and operational factors, maintainability 
by the crew both inside and outside the station will present special 
challenges. Automation and robotics may be of special value and 
interest and require establishment of design criteria. 
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7here will be special need? for information. Because of limited 
knowledge of the broad range of systems and the limited crew (and 
training limitations), there will be a need for basic and updated 
maintenance information to be available to the crew. These data will 
have to be on board or data uplinked in a timely manner. 

NASA has had relatively limited experience with long-life systems. 
This raises special hardware vendor problems related to sustained 
support and/or availcbility of required data over an extended period 
of time that will have to be addressed. 

From programmatic considerations, management will have to address: 
issues of commonality of equipments and treatment between major 
systems, approaches to growth and the size of the steps, implication 
of foreign involvement on maintainability, and the establishment of a 
consistent set of criteria that all elements of the design can use to 
assure compatibility. 


Shelby L. Owens, Johnson Space Center — Project (Level C) Approach to 
Maintainability . The present major thrusts involve maintainability 
trad? studies for hardware and software directed at interim 
requirements. These studies include commonality. 

Some major factors of concern (not in order of priority) include: 

• logistics and crew support requirements including human factors 

• impacts on users and on-orbit requirements 

• data management and decision making 

• autonomous operations 

• safety and reverification 

• growth 

The present plan is to conduct task and trade studies through the 
Phase B contracts as identified in the request for proposals. The 
statement of work notes that there should be commonality, trade studies 
(maintainability versus reliability), maximization of maintainability 
features, and approaches that satisfy the requirement for indefinite 
life. 

In spite of NASA's experience and demonstrated capability to 
develop and operate reliable systems, NASA has not developed nor 
operated systems with the lifetime demands of the space station, i.e«, 
indefinite life, growth in orbit, maintainable in orbit, and 
interfacing with other vehicLes and multiple interest groups. 


Joseph H. Levine, Johnson Space Center— Reliability Division Approach . 
Addressed were differences between space station and earlier programs 
and reliability-maintainability assurance roles and issues. 
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The significant maintainability factors for the station that differ 
from earlier work are: 

• indefinite life and onboard maintenance 

• less time-critical systems and commonality 

• fail-operational/fail-safe/restorable 

• use of robotics 

• onboard fault isolation, restoration 

• logistics support 

• crew capability limitations 

• increased extra-vehicular activity 

To provide reliability and maintainability, the reliability division 
will have to pursue the following kinds of activity: definition of 

requirements and participation in trades, assessment of approaches 
including optimization of the use of the crew, evaluation of program 
plans and their implementation down to ORUs, and definition of special 
tools and standards* The division will need to participate in main- 
tainability demonstrations, data system definition and development, 
and resolution of problems affecting maintainability matters* 

The critical issues are viewed as related to: 

• identification of unproven systems and elements difficult to 
access/restore 

• selection of an approach that assures all groups participate 
uniformly 

• selection of appropriate techniques to analytically assess 
maintenance and general crew time and to minimize use of the crew 

• the crew time for prelaunch and direct in-flight maintenance — spare 
requirements 

• use of robotics for routine and extra-vehicular work 

• technology development to enhance program approaches 

• studies to provide direction to ail phases of logistics: spares 

(ground and in-flight), storage, and obsolescence. 


Joe Lusk, Marshall Space Flight Center (MSFC)— Center Role in 
Maintainability . MSFC has a major responsibility for identifying and 
developing the logistics support program plan for the space station. 
This includes the space-born logistics module and its outfitting. MSFC 
also has the responsibility for developing the integrated space station 
maintainability plan. It is recognized that equipment design affects 
support needs, which in turn impact system effectiveness and 
efficiency. These matters should be addressed before the design is 
fixed. 

Logistics is considered to include all elements of the operation 
(i.e., maintenance planning, logistics analyses and management, 
training, equipment handling, and support facilities). The task 
includes development of the maintainability plan and encompasses such 
matters as recording of equipment status, configuration control, 
tracking of operating times, and establishing maintenance procedures. 
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The maintainability plan is envisioned to include development of 
Level 3 requirements and taking actions that influence the design, 
development, and station life. The thrust of the effort is directed 
at improved operational readiness, reduced near- and long-term (life- 
cycle) costs, and efficient operation of the station. It is intended 
that the maintainability plan (system requirements, data requirements, 
guidelines for analyses and reviews, and schedule for reviews) be 
integrated into the overall program plan. 

The proposed maintainability philosophy includes: 

• critical systems fail-operational/fail-safe; noncritical systems 
fail-safe 

• removal and replacement (ORU changeout and return to ground for 
rework) 

• space station major modules returned to ground as last resort 

• onboard diagnostics for detection down to ORU 

• noncritical systems allowed to fail-/degrsde- operational until 
spares are available (resupply, 90-day cycle) 

• for health and safety, have planned maintenance 

• for contingencies, provide test equipment and tools and provide 
functional capability repair on board. 

It is recognized that maintainability affects all parts of the 
program (reliability, safety, human factors, logistics, crew systems). 
All requirements must be integrated and logistically supported. 
Requirements will help identify levels of redundancy that in turn 
affect system monitoring requirements, replacement /repair decisions, 
and spare requirements. 

All of this background is required to define corrective and pre- 
ventative maintenance policies. (Current activity builds on earlier 
work on the problem of maintainability — Philosophy qn Space Station 
Maintenance/Maintainability , J. Lusk, MSFC/PM01, Nov. 28, 1983; Space 
Station Maintainability Study Input for CDG Study #2 , J. H, Leet, KSC/ 
PT-LMO, Jan. 17, 1984; and Space Station Reliability-Maintainability 
White Papers , JSC, Dec. 1984.) 


Joseph P. Joyce, Lewis Research Center— Electric Power Systems . The 
electric power generating system options for IOC are solar photovoltaic 
and solar thermodynamic. Maintainability terms were defined: 

• Maintainability — Capability to complete maintenance and repair and 
the verification of success (impacts design) 

• Maintenance — Periodic (and unplanned) activity to prolong design 
operation (impacts design) 

• Reliability — Insight as to when a loss may occur (impacts logistics) 

• Repair — Action to return the degraded, malfunctioning, or damaged 
items to design operation (impacts crew and logistics) 

The design target is to provide an electric power system that will 
operate without interruption and with minimum interference from other 
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space station program elements* This is one of the critical systems* 
Since nearly all other systems and operations depend on electric 
power* an uninterrupted power supply is vital* Interference from 
other space station systems should be minimal. 

Maintainability consideration includes many factors that impact 
interface standards* Bystem design, and operational support. Some of 
these factors relate to accessibility* override, hazard avoidance* 
growth, interface definition, diagnostics, fault detection, 
contamination, resupply, spares, and storage. 

Maintainability will be addressed in the Phase B studies. Defini- 
tion work on supporting activity and requirements has begun. 


F. J, Logan, Goddard Space Flight Center (GSFC) — Platforms and 
Attached Payloads . The work includes not just the attached payloads 
and free-flying platforms, but also their assembly and servicing 
facilities and laboratory module outfitting. 

The key to successful design will be the iterative process of trades 
between maintainability, system design, and costs. All of the NASA 
center work package managers and the Phase B contractors are required 
to work this problem. 

Issues to be resolved include: 

• crew time for maintenance 

• reliability versus maintenance 

• cost versus availability versus redundancy 

• logistics space on board 

• resupply frequency 

• criticality of element, subsystem 

• safety 

• commonality 

• built-in test/diagnostics versus manual operation 

GSFC has somf experience with raultimission, modular spacecraft 
(MMS) maintenance. These systems were designed so that functions were 
distributed and isolated. Failures can be readily identified and 
modules easily replaced through the use of remotely controlled systems. 
This is a proven technique that could be used for the space station's 
ORUs. Other ideas have potential cor the station: the MMS flight- 

support system that replaces MMS equipment and a thermal protective 
system (built-in layers) that can be easily restored to operational 
capability. 


George B. Finelli, Langley Research Center (LaRC)— Fault-Tolerant 
Systems Research . The basic approach of fault tolerance is to design 
a system that continues performing its intended function(s) in the 
presence of faults through multiple redundancy, detection/isolation of 
failures, and architectural reconfiguration. These capabilities could 
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allow automatic maintenance, increase autonomy, reduce crew load, 
assist in growth, reduce operating costs, and possibly reduce initial 
cost. 

Research issues include understanding the effects of system 
architecture and fault-tolerant software on reliability and 
performance. Currently, most reliability analyses tend to be 
optimistic because they fail to consider the effects of software 
errors, transient faults, double faults, and single-event upsets. 

The goal of the LaKC fault-tolerant systems research is to define 
design and assessment methodologies for such systems. The intended 
products of this research are methods for validating the performance 
and reliability of complex electronic systems, comparative analyses of 
integrated system concepts, and guidelines for the design of verifi- 
able, highly reliable systems. To date, most of the work done has 
addressed aircraft matters. But, the facilities and capabilities can 
be used to address space station design issues. 

Present research includes development of tools and techniques, 
using varied analytic and test techniques, for both software and 
hardware. One subject under study is the use of redundancy and 
periodic maintenance as the means for limiting the probability of 
failure. 

Fault-tolerant systems can provide graceful degradation through 
fault detection, isolation, and reconfiguration and, consequently, 
provide increased autonomy and reduced testing, enhance identification 
of elusive symptoms, and reduce removals associated with unconfirmed 
faults. LaRC is verifying the benefits of fault-tolerant systems 
through trade-off studies. Such systems can favorably affect costs 
and maintenance requirements through the reduction of time, spares, 
and operational activity devoted to maintenance/repair/replacement. 


Joel H. Leet, Kennedy Space Center (KSC) — Maintainability Philosophy . 
Prime maintainability considerations during the early program phase 
relate to influencing the design: during the detailed design and 

production phase (designing-the-support) and during the operations 
phase (supporting-the-design) . Because of the close relationship, 
integrated logistics considerations and the effect of maintainability 
on the logistics system must be considered through all program 
phases. The end result will be the system in use at KSC during 
operations to support the space station (provisioning, resupply, 
maintenance, repair, training, and documentation). 

The maintainability philosophy encompasses thoughts expressed by 
other NASA presentors: 

• maintenance on orbit 

• minimal training 

• evolution — growth capability 
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• primary crew function— time for user work with minimum demand on 

users 

• common hardware and software 

• maintainability factored into support and life-cycle cost decisions 

The data base (lessons learneu) from past space and related 
earth-based systems, including the U.S. Department of Defense and 
industry, is being examined and will be factored into the program 
development effort. 

This earlier work shows that: maintainability must be responsive 

to mission and operational requirements and needs to be factored into 
the design early and iterated; critical systems should be isolated; 
spares should be certified; common interfaces between primary and 
secondary systems should be avoided; software language for both flight 
and testing procedures should be compatible; flight and ground crews 
should be involved in design and review board activity; and costs 
should be considered throughout the effort. 

Important design and development considerations include: establish- 

ment of program-level management and support policy early, as well as 
criteria for maintainability; a strong top management advocacy; 
assessment of new technology; and establishment of ways to measure the 
performance and effectiveness of system implementation. 


3 

Discussion 


This section of the report reflects the substance of the roundtable 
discussion, without attribution, in the form of short statements. The 
statements, which address a range of matters from status to suggested 
actions, are organized by philosophy/guidelines, technology, and 
organizat ion/management . 


PHILOSOPHY/GUIDELINES 

• Maintenance/repair (and other space station operational activities) 
should not detract the crew from the prime function of mission 
support. 

• The target of 3 hours per crew member per day for maintenance/repair 
is too high. A more practical target might be 3 hours per month. 

• Representative maintenance concepts have not been generated by the 
National Aeronautics and Space Administration (NASA). The matter 
has thus far been treated in a very general way. NASA needs to 
identify a preliminary maintenance concept as the first step in 
developing a maintainability plan. This is needed to guide the 
early, as well as later, Phase B activity, when in-depth study of 
this important matter is initiated. 

• All program participants (government and industry) need to be 
provided with a consistent set of maintainability guidelines if 
related system activities are to interface effectively. 

• The maintenance concept should be quantified, to a reasonable 
degree, *snd provided to all involved groups for review and 
comment. The feedback should be iterated. This work should be the 
responsibility of a single group, Level B. 

• There is an array (depending on criticality) of system requirements, 
and each requires separate treatment. 
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• Cost is an important program driver. Maintainability and repair 
considerations impact design and early- and long-term costs. Thus, 
it is important to taks cost implications into account early in the 
design effort. 

• A system design guideline should be established that states that 
the probability of a catastrophic failure will be extremely low, 
and a value should be set for this very low probability of failure. 

• It is anticipated that NASA will have developed a reasonable 
position on maintainability and reliability in the January-Pebruary 
1986 time frame, when some of the Phase B work is completed. 

• NASA has been examining the matters of reliability, maintainability, 
and repairability over a period of several years through intercenter 
working groups and special studies. This work has produced reports 
and a series of white papers on these subjects. Related earthbound 
work has been examined but found to be of limited value in terras of 
space station applicability. 

• The in-house work has covered operations as well as design and 
users' needs related to onboard payloads and freeflyers. 

9 The Marshall Space Flight Center has developed top-level maintain- 
ability guidelines. However, this has not been worked with the 
other centers or Level B. 

• A separate contract (outside of the Phase B group of contracts) 
will be let by MSFC to develop a maintainability plan and help 
structure the logistics support plan. This activity will be 
iterated with the Phase B work. 

• The subject of safety appears to require more attention. 

• It is not possible to generalize requirements down through all 
systems due to unique services and/or requirements and criticality. 
So, goals and guidelines should allow the exercise of reasonable 
judgment by the system designer. 

• As a matter of principle, the maintainability specification or 
criteria should not be too confining. Confinement will not allow 
contractors the opportunity to exercise their ingenuity and 
creativity. 

• To help assure communication between parties, maintainability and 
related terms need to be defined. 

• Airlines and commercial air transport airplane manufacturers have 
developed maintainability guidelines.* Current design is based on 


*A report setting forth guidelines developed by Boeing, based on 
design/operational experiences with their aircraft down through the 
747 aircraft, was given to NASA Level B representatives. 
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identifying incipient failures, mechanical or electrical, through 
inspections, checks, and testing. This approach should be 
considered judiciously for the space station. The question of 
blatant failure needs to be addressed. This treatment lias to be 
given to standby Bystems too. A point to note is that aircraft 
operators, fundamentally, do not replace components at fixed times. 

It would appear to be inappropriate to set specific system/ 
subsystem values for designers; it would be better to set overall 
concepts for basic systems. 

• In aircraft, for a new design, it has been the practice to dedicate 
time (approximately 2 weeks) to a relatively complete set of 
maintainability demonstrations. This type of action may be 
appropriate for the space station using the buoyancy tank and 
mock-ups to simulate extra-vehicular activity operations. However, 
in-station (shirt sleeve) operation presents a special problem. 

• In commercial aircraft operations there is a minimum operationally 
ready equipment list. The flight (operation) does not go without 
an operational check-off of these equipments. A similar check-off 
may be appropriate for the station before special activity, i.e., 
orbital maneuvering, vehicle docking, and turning on power to an 
onboard payload. 

• The levels of repair planned for need to be responsive to 
appropriate criteria and standards for different classes of system 
criticality. The general rule may well be replacement of elements 
and components. 

• Due to upgrading and replacement, it does not appear that a 30-year 
life through direct maintenance iB a realistic design driver for 
components and elements of the station and could be an unnecessary 
cost factor. It would appear to be more realistic to design for 
shorter lifetimes with a view to replacement with advanced 
components and systems for all but major structural elements. 


TECHNOLOGY 

• A sustaining engineering activity, in view of growth and long life, 
will be required as will an ongoing technology development effort 
related to maintainability. 

• Measures of maintainability need to be defined to assist in and 
provide a consistent base for analyses and evaluation. 

• The subject of mission success needs to be addressed as part of the 
maintainability assessment. There has to be a way to measure and 
identify failures to be tolerated through design and performance 
assessments. 


• Modular design can pay for itself in ease of assembly, test, and 
replacement. But, the design roust consider accessibility and 
simplicity. 

• The Langley Research Center work on fault tolerance is currently 
directed at aircraft. The facility and staff can be applied to 
space station issues. This application should be examined. 

• The Air Force has a large program on redundancy management. 

Contacts should be made to review this work and its applicability 
to station development. 

• The military services are very involved with the subject of 
integrated diagnostics for a self-sustaining weapon system 
capability.* However, they have not established an approach to 
evaluating designs for maintainability and repairability. This 
matter is being worked by the services and should be followed. 

• One significant problem is the inability to detect and isolate 
equipment failures with high confidence. 

• The failure problem manifests itself in: large ambiguities that 

are costly in spares, logistics, and induced failures; high false 
removal rates (airlines have experienced values as high as 50 
percent); the need for large, specialized support groups; shortages 
of storage space and work skills; long mean tiroes for repair and 
operational readiness; and extensive test equipment, training, and 
documentation. 

• The Navy has a program to support the development of integrated 
diagnostics. The program's objectives include technology improve- 
ment, reduction of false removals, maintainability improvement, and 
reduction in cost of diagnostics. 

• The Navy's integrated diagnostics effort is directed at providing a 

cost-effective capability for detecting and isolating known or 
expected problems without ambiguity. It has three phases: Phase I 

(present) — concept definition and system specification, Phase II 
(FY 1985) — detail specification for software and hardware, and 
Phase III (FY 1936-1990) — full-scale development of guidas and 
standards. 


*Mr. Michael Battaglia of the Naval Electronic Systems Command made a 
presentation on this work. His presentation material was distributed. 
He also presented copies of the following reports for NASA: Report 

for the Department of Defense on the Implementation of Integrated 
Diagnostics , The National Security Industrial Association, Sept, 1984 
(full report and executive summary); and Proceedings of the 1984 
National Conference on "Supporting Weapon System Technology Through 
the 19908 ,” The National Security Industrial Association, Aug. 14-16, 
1984 (Vol. I and conference summary). 
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Hie expected payoffs; diagnostic capability should go from 
50-75 percent to 99-100 percent; support personnel reduction, 25 
percent; training reduction, 50 percent; false alarms from 85 to 
1-2 percent; unnecessary removal from 30-70 percent to less than 1 
percent; «nd time for maintenance should be reduced by 50 percent’. 

• There is a need to assist the crew in decision making because, as 
noted in the request for proposal (RrP), crew time is very 
important. 

• Design to cost and crew time are important evaluation criteria for 
trade studies. But, some way to quantify crew time is needed. 

• The Air Force Studies Board of the National Research Council has 
initiated a study on fault isolation. (See Appendix C— Statement 
of Task.) The National Security Industrial Association (NSIA) has 
just completed a study on this subject. A report is in process. 
NSIA is also conducting a technology survey. NASA needs to examine 
and keep in touch with these activities. 

The NSIA report addresses state-of-technology and future needs. 
It shows that management attention from the start is critical and 
that diagnostic design, a systems engineering function, has to be 
iterative. 

• Past experience indicates that overworking the crew is a real and 
serious problem. 

• Large electronic telephone switching systems are designed to 
provide very high levels of reliability (down times of about 2 
minutes per year). These systems use up to 12 levels of 
redundancy. They depend on sensing and remote diagnostics for 
.trouble shooting down to a low systems level. A central control 
station manager directs field repair people (such an approach may 
be appropriate for the space station). This capability has to be 
designed into the system from the start. 

• Representative, important technology development areas are: 
knowledge-based systems, laser video disk, expert systems, 
artificial intelligence, logic modeling, smart bits, signature 
analysis, fault-tolerant designs, probes/robotics, self- improving 
diagnostics, and computer-aided design and analyses capability 
(i.e., AJE/UPE, CAD/CAM/CAT/ CAE, and LSI/VLSI/VHSIC) . 

• Safe designs should have redundancy in both main and standby 
critical systems. 

• To keep work loads and time lines for crews contained, automation, 
including built-in testing, has an important role to play in 
initial and design growth. 

• Trade studies should include reliability, safety, and low cost 
considering replacement, repair, inspection, and test. 


17 


• A starting place for NASA trade studies would be the reference 
configuration in the RFP, divided into subsystems and classes of 
functional criticality. The trade studies would identify deitign 
guidelines for desired performance and minimum cocfs and help 
develop guidance for iteration with the Phase B contractors. 

• Satellite communication earth stations were subjected initially to 
periodic human checking. Now, with the system mature, only checks 
by instruments are made. The outage time averages about 25 minutes 
per year over a 10-year period. Design features are high redundancy 
and short c ha in-of -command. 

• It is anticipated that, for the space station, there will be a long 
shakedown period followed by more settled and routine operation. 

In the past, this transition period has tended to be a problem for 
NASA. 

• Current satellite systems (communications) have displayed lifetimes 

longer than expected. Early satellites had lifetimes of 3 to 4 
years; new systems, 9 years and still going. New designs an* 
predicted to have useful lives of 10 years. Several factors 
contribute to long life: make equipment good, specify existing/ 

proven equipment, and use fixed-price/incentive contracts. Tie 
contractor incentives to system life. Where new equipment must be 
used, the key is test, test, and test. If changes are made, make 
them in small increments. Make heavy use of redundancy. 

• Human factors did not appear to get specific attention. This could 
be part of a long-term problem--crew causing problems while fixing 
problems. In this regard, it may be a better practice to have 
required onboard spares integrated into the system (redundancy) 
rather than replaceable. 

• There may be a tendancy to overstress wearout. Wearout has not been 
a problem with unmanned spacev.aft. Unproven design has caused 
problems indicating a need for careful validation of new designs. 

On the station, wearout will have to be dealt with in the sense of 
easy access for assessment/replacement and possibly repair. 

• To reduce maintainability requirements, design should incorporate 
redundancy and have greater capacity /capability than the minimum 
acceptable requirements specified. Systems should be designed to 
degrade gracefully so that there is tiu*.a to decide on and take 
action. 


ORGANIZATION/ MANAGEMENT 

• The centers have a responsibility for addressing all maintenance 
issues including payloads and spacecraft operating with the 
station. The RFP covers the subject, but very broadly. 
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• The presentations reflect that space station maintainability, per 
se, has received some attention but that relatively little 
attention has been given to maintainability related to use of the 
station as a service center for attached payloads, platforms, and 
the orbital maneuver ing/transfer vehicles. The Goddard Space 
Flight Center has the responsibility for this activity, but it is 
not clear that servicing maintainability has been considered. This 
includes maintainability of the serviced items themselves. 

• The technical aspects of maintainability are not the whole problem. 
Organization and management (assignment of responsibilities and 
authorities) are also important and affect irogram success. 

• A top-level set of maintainability objectives and strategy is 
required to coalesce activity between centers and contractors. 

This will allow correlatable definition of criteria for the next 
lower level of maintenance and repair design and operational 
concepts. 

• In weapon systems (possibly for the space station too) operational 

readiness problems persist because: system requirements fail to 

reflect diagnostic needs; integration of diagnostics not accomp- 
lished (too many separate functions); organizational structure not 
in place; analytical tools not available; and funding support short. 

• Space station hardware and software maintainability needs to be 
addressed by design engineers. This includes component/sys tem 
design that provides the capability to accept updated technology 
without impacting users. Hie subject is important enough to 
warrant special design reviews. 

• NASA has identified many of the major maintainability issues but 
not how to resolve them. It is reasonably clear that what is 
needed is a logic net and feedback mechanism to integrate and set 
the process in motion. 

• A problem with long-life systems is replacement of hardware 
including instrumentation, i.e., companies discontinue 
manufacturing or go out of business. In cases where original 
design data are needed and manufacturers could go out of the 
business, it may be necessary to make arrangements to preserve 
drawing and other information. 

• In the commercial communications area there has been heavy 
dependency on corporate memory and on careful specification for 
final design and development. These factors are expected to be 
important to the long-life space station system too. 

• There did not appear to be a commonality of approach to maintaina- 
bility between center groups and the presentations were general. 
However, work is just getting under way. If maintainability is to 
be effectively addressed and factored into the design, as it should 
be, the effort that is under way must be a serious, in-depth effort. 
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Summary Observations 


The panel discussed and drafted a definition of and an approach to 
maintainability. This definition and approach is presented here. 

The panel organized in two groups to consider the National 
Aeronautics and Space Administration's (NASA's) present posture on 
maintainability and the questions and issues raised. One group 
summarized views on maintenance concepts and the other on systems/ 
technology. The observations of the two groups were reviewed by the 
panel and are also summarized in this section of the proceedings. 
Finally, a general summary statement is presented. 

Subsequent comments submitted by panel members— -J. W. Schaefer 
(remote testing) and P. E. Partridge ( replacement/maintainability 
philosophy )-~are presented in Appendix D. 


MAINTAINABILITY DEFINITION 

In view of the need for a common understanding of maintainability, 
a definition of maintainability and a process for implementing the 
capability was developed and briefly reviewed by the panel. This 
definition and process follows : 

Maintainability is the capability to carry out a set 
of procedures which will enable the space station system 
to perform its mission with minimum disruption and 
maximum safety. Low overall cost is a system criteria. 

The term mission includes all elements of the space 
station system. It entails the servicing of other 
spacecraft and user equipments/instruments associated 
with the space station itself and the polar platforms 
that will interface with maneuvering and transfer 
spacecraft, serviced by the Shuttle. 

Maintainability is not reliability or commonality. 
Procedures should not be confused with design, i.e., a 
system design must provide the capability to maintain 
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the system performance and enable economical repair and 
replacement of components with no disruption of service. 
Thus, the design must accommodate maintenance 
procedures. Operational procedures should encompass 
switching to fault-tolerant or other built-in 
redundancy. 

The design of the system should be such that it will 
facilitate maintainability to achieve lowest overall 
cost. 

But which procedures should be selected and 
implemented? Here, reliability and commonality enter. 
They are products of specific design. 

To determine the maintainability procedures to use, 
trade-off studies are made considering maintainability, 
reliability, commonality, supportability (logistics) 
under the constraint of minimum disruption of critical 
systems, maximum personnel safety, and lowest overall 
cost . 

These studies and the design approach can be 
addressed through: 

• Use of the request for proposal reference con- 
figuration to identify criticality of major systems 
hardware and software, in a hierarchical manner, 
using failure mode and effects analyses plus time to 
restoration to operating conditions. 

• Performing trade studies that minimize cost and 
consider replacement (including logistics), repair, 
redundancy and fault tolerance, reliability, 
commonality, and other factors. 

• Using the result of these studies to define a set of 
major system design guidelines considering such 
matters as crew maintenance time, need for storage 
on orbit, modularity, extra-vehicular activity, and 
internal vehicular activity. 

• Developing preliminary designs that incorporate the 
results of the trade-off analyses. 

• Repeating above for subsystems. 


THE GROUPS 

The concept group was chaired by K. Holtby. Its members were J. 
Barker, A. Mager, C. Mathews, G. Neumann, J. Schaefer, and C. 

Sy vert son. 

The systems/technical gror.p was chaired by J. Harrington. Its 
members were M. Battaglia, M,. Grogan, R. Hammond, C. Marvin, S. 
Metzger, and P. Partridge. 
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Concept Group Observations 

• A reference concept for maintainability is needed for all center 
and contractor groups. This concept should address such things as 
fail-operational/ fail-safe , on-condition maintenance, inspection 
philosophy (e.g., off line for major maintenance), and onboard 
spares versus redundancy. 

• Maintainability integration should occur at the systems engineering 
and integration (SE&I) level. A cadre of contractor personnel may 
have to be located at the SE&I office for this function or may have 
to attend periodic meetings to integrate maintainability plans. 

• Servicing of satellites, orbital transfer vehicles, and other user 
vehicles shouLd be considered along with the space station 
maintainability plans at the SE&I level. 

• A remote maintenance center on the ground should be studvnd and 
evaluated. 

• Trade studies are needed to evaluate external crew activity versus 
automated systems for external maintenance. This also applies to 
manual versus automatic inspection. 

• Each orbital replaceable unit (ORU) has to be testable at its 
interface for performance. Don't go to too low a level too 

soon — an ORU should probably be the biggest component that can go 
through the hatch, 

• As failure rates for components decrease (e.g., microprocessor 
integration), the number of components in an ORU can increase. 

0 Software changes should be made by data link from the ground. 
Configuration control of software should be handled in the same 
manner hardware is handled. 

• Distributed computing systems are recommended in order to provide 
isolation of critical and noncritical functions and embedded 
software. All computers on any given data bus should be tested 
together in a systems analysis and integration laboratory. 

• Avoid reinventing systems (e.g., control moment gyros and redundancy 
management). NASA should coordinate with the Department of Defense. 

• Advanced technologies should be developed in parallel with 
mainstream space station systems and components but should not be 
controlled in the same detail or charged with the costs associated 
with a mainstream development. 

• Appropriate for advanced automation application are 

— robotic arm 

— fault-tolerant systems 
diagnostic systems 

— repetitive operations and recording. 

• NASA should review the National Research Council's Air Force 
Studies Board summer study on diagnostic technology. 

• Budge .Vs for maintainability matters should be assigned to 
contractors and performance against these plans/budgets tracked. 

A system for surfacing critical items at Level B should be 
established. 

• Human factors engineering should focus on safe handling of equipment 
and maintenance tasks including such matters as restraints and foot 
holds. Anthropomorphic models should be used during design. 
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Moclc-ups should be used to demonstrate both external and internal 
vehicular activity functions. 

• Advanced technology should be introduced in an evolutionary 
manner. To the extent, possible new technology should be 
introduced in noncritical applications and then graduate into 
critical systems. 


Systems/Technology Group Observations 

Requirements necessitating a high degree of maintainability relate 
to flight and crew safety, preservation of mission, and continuity of 
service. 

The most appropriate approach to basic trade-offs between reliabil- 
ity and maintainability for given subsystems include: use of best 

technology available, addition of redundancy as required to achieve 
mean time to failure objectives for the function, and addition of 
maintainability as required for the criticality of the function. 

Key questions raised ask: does computer modeling have a role in 

answering questions relating to maintainability, and can maintain- 
ability be added dowhstream? The respective responses are: 

• Yes— various programs exist to predict failure paths and modes and 
mean time to failure. Existing programs should be used where 
possible to avoid high costs of special software development. 

• Not economically--8hould be part of the design concept at the 
beginning (i.e., diagnostics and switch over to hot spares); 
capability is expensive to add later. 

Different systems will require different maintainability 
approaches, depending on the mission requirements. For example: 

• The communication and data processing system would probably have 
built-in spare units that could be switched to in an emergency. 

• The power system could degrade to a fraction of its total power 
before crew safety or flight safety were affected. Replacement of 
panels, for example, could wait until the next supply ship. There 
may be no need for onboard spares. 

• Life-support system redundancy is obviously essential. 

These examples illustrate how different the ORU problem is for 
major subsystems. 

NASA raised many technical questions relating to the implementation 
of maintainability. A common theme was found. 

There is an understandable desire to categorize the maintainability 
elements of the space station, preferably in quantitative terms. This 
leads to questions such as: 

• What are the drivers and their relative importance? 
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• For each element, how are initial cost versus maintenance cost and 
mean time to failure versus mean time before replacement compared? 

• Can mathematical models be set up for the above? 

The range of elements on board the station vary widely in their 
criticality and technical composition. No single, meaningful, broadly 
applicable answer is possible. The maintainability of each element 
must be evaluated case-by-case in accordance with specific appropriate 
criteria, in order of importance, such as: 

• crew safety 

• achievement of mission objectives, continuity of service from 
customers' viewpoint 

• maintaining long-life integrity of the space station 

• crew time 

Insufficient data now exists on the various space station elements 
to permit definitive, in-depth analytical study. It is clear that 
this level of study needs to be deferred until the new contractors 
reach a substantive point of subsystem definition including 
approximate weight, 

size, and, most important, technical heritage. 

To minimize the extent of maintenance, it would be highly desirable 
to use, to the extent possible, space proven hardware. This not only 
eliminates development cost, but also provides a high degree of 
confidence in the equipment — based on current experience, in some 
instances, 7~ to 10-year lifetimes. 

It is not considered realistic to attempt designs for 30-year 
lifetime because of extensive and costly development and technical 
obsolescence. Even if achievable, it is doubtful that 30-year 
subsystem equipment would be desired because of technological 
improvement . 

Close coupling is required between the NASA system designers/ 
integrators, who set the overall system specifications, and the Phase B 
subsystem contractors, to provide an interactive system definition/ 
design process. The various contractors should consider the problem 
of maintainability, i.e., amount of redundancy, nature of redundancy, 
monitoring, accessibility, tools needed for replacement, from the 
start of the project and not as an add on. 

Based on two decades of successful commercial communications 
satellite experience, it is now possible to procure equipments/ 
subsystems that have demonstrated 7 to 10 years of operating life in 
orbit without requiring maintenance. The design and construction of 
these equipments should follow these principles: 

• Design — Base the design on previously flight-proven designs to 
the greatest extent possible. 

• Components — Use military-specified parts plus additional 
burn-in as per current commercial satellite practice. 

• Redundancy — This feature is essential. 
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Equipment life is a statistically defined variable; once design 
problems have been solved, a back-up unit must be available no matter 
how low the probability of failure of the original unit. The number 
of redundant units depends on the importance of that unit to the 
mission and its expected probability of failure. This number may 
likely be less for the space station than for a 10-year commercial 
satellite since the latter cannot be maintained during its lifetime 
while the apace station will be supplied every 90 days. 

In support of this concept, it is noted that large electronic 
communication switching systems, which operate with only about 2 
minutes of outage per year, achieve this result by extensive use of 
redundancy. 

Based on this experience, NASA should, where possible, procure 
subsystems that have proven to be reliable. When such units do not 
exist, it is recommended that they be designed and built in accordance 
with the above principles. 

It is also recommended that periodic testing of units be performed 
through the monitoring of significant parameters rather than by 
complete engineering tests of all subsystem performance parameters. 

Contractor personnel involved in the design and construction of the 
space station and its many subsystems may not be available to NASA 
during the lifetime of their operation. NASA engineers should work 
very closely with the contractors during the design and construction 
period so that they become thoroughly familiar with the theory, 
operation, and test of these equipments. Such experience is 
indispensable in later operation and maintenance in orbit. It will 
likely require a full-time NASA presence in contractors' plants. 
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Closing Comments 


The panel recognizee that the National Aeronautics and Space 
Administration (NASA) is in the formative period of development of its 
organization and staffing for the space station maintainability 
program. The panel is pleased to have had an opportunity to provide 
its views to NASA at this formative stage in the development of the 
program. The panel also recognizes that although maintainability has 
been under active study for an extended period by NASA, the approach 
to be followed by the space station program has not been developed and 
awaits input from the Phase B (concept and preliminary design) 
contractors. 

The panel takes the position that maintainability is a critical 
element of the program. It permeates design from the very start of 
concept development through design of hardware and software through 
operations. Maintainability affects costs from design through test 
and through operations. It is a critical element in maximizing 
utility through operational availability and long life. 

The panel's brief dialogue on the subject with NASA space station 
program representatives leads the panel to make these broad 
observations : 

• It is clear that maintainability considerations must be addressed 
early in the design. An early set of maintainability design 
guidelines based on a stated maintainability philosophy should be 
identified. This should build on an evaluation of program needs 
that include the station itself, its services, and associated 
free-flying spacecraft and payloads. 

• NASA needs to be sure it moves effectively to develop an overall 
maintainability strategy /approach and plan and to communicate this 
fact to program Level C and associated contractors. 
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• NASA needs to be sure that the Phase B contractors, at the time of 
commitment to preliminary design, have the guidance required for 
trade-off analyses that account for such matters as initial 
operating configuration cost, system support costs, crew time, 
scarring, and robotics. 

a It is important that the system engineering and integration 

organization have the responsibility and authority reflected in the 
organizational structure to develop and implement the required 
maintainability plan in time to affect Phase B preliminary design 
activity. 

The panel believes that NASA's space station program management has 
time, between the letting of the Phase B contracts and the development 
of guidance for the start of preliminary design (some 10 to 11 
months), to take the kinds of actions addressed above. However, 
success requires early, quick, definitive action on the part of 
program management at all levels. 
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• SPACE STATION SUBSYSTEMS MUST BE CAPABLE OF ALMOST 
INDEFINITE LIFE THROUGH: 

-Scheduled maintenance 

-Effective and efficient completion of unscheduled 
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NASA 
3/12/85 
B. Cramer 


BBIMIfilMefilUIY 

'*The purpose of this round table discussion is to develop a 
better understanding of the optimal degree of maintainability 
appropriate for the Space Station. 

It is clear that Space station subsystems must be capable of an 
almost indefinite life through a well planned process of 
scheduled maintenance, a comprehensive capability to deal 
quickly and efficiently with unscheduled , maintenance, and a 
periodic exchange of major equipment elements. In addition, 
these subsystems must be capable of being upgraded and expanded 
in order to meet the increasing operational requirements of the 
Space Station. Maintainability is viewed primarily as an aspect 
of design which facilitates the process of maintenance, namely, 
the restoration of equipment to operational status following a 
failure. The process of maintenance involves many aspects of 
Space Station design and operations. Initially, it involves 
those features of the equipment itself that either facilitate 
maintenance or reduce the need for maintenance, such as more 
reliable parts, long-life designs, built-in diagnosis and fault 
isolation, orbital replacement unit (ORU) commonality, good 
access, clear labeling, and other related- aspects of human 
factors engineering. These design features are fully utilized 
through the exercise of the appropriate procedures, skills, and 
training on the part of the crew. Lastly, there should be the 
required ORUs, ample associated information, the secondary 
facilities to effect the repair, and an environment that is 
supportive of the maintenance process. 

Crew productivity is also heavily involved with maintainability. 
The commercial and scientific objectives of the Space Station 
are critically dependent on the availability of the crew to work 
with payloads. . »Tbese -...payload activities should not be 
compromised by the crew performing maintenance. Making Space 
Station subsystems appropriately maintainable is a logical 
approach which can meet both the commercial and scientific 
objectives of the Space Station and still permits the necessary 
maintenance to be accomplished. 

* 

As stated above, the purpose of this round table discussion is 
to gain a better understanding of the appropriate degree of 
maintainability within Space Station subsystems.* --#• 


''‘The kinds of issues that are most likely to be raised would 
include the following: 

What are the requirements that most necessitate a high 
degree of maintainability? 
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What is the appropriate proceaa to identify the right 
amount of maintainability? 

What are the "driver" issues in formulating a 
maintainability plan? 

Given the manner in which the Space Station is organized, 
what is the preferred approach to conducting the system 
engineering trade studies necessary to identify a 
near-optimal degree of maintainability? 

Once a near-optimal degree of maintainability has been 
identified, what is the preferred approach for 
implementation, given the present Space Station Program 
organization? 

What is the most appropriate approach to the basic 
trade-off between reliability and maintainability' to 
achieve a given subsystem availability? 

How should one balance the need for maintenance (as 
reflected by the MTBF) against the ease of maintenance 
(as reflected by the MTTR>? 

What is the appropriate process to determine the level of 
ORU that is most consistent with crew time, crew skills, 
crew training, stowage volume for spares, secondary 
equipment, etc.? t 

What are the most cost-effective applications of advanced 
automation to assist in attaining high maintainability? 

Of the various aspects of human factors engineering that 
are applicable to maintainabi 1 ity, which appear to.be the 
most cost-effective? 

Does computer modeling have a role in the maintainability 
questions? 

What is the preferred approach to allocating maintenance 
goals to various subsystems? 

How does one best preserve maintainability objectives in 
an environment of scarce resources? 

Assuming constraints on IOC costs may limit maintainabil- 
ity, can one subsequently add maintainability? Is there 
such a thing as "maintainability scar"? 

How does one know if maintainability objectives are being 
met, short of flight operations? 
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Ht-MAINTENANCE CONFIGURATIONS 



SPACE STATION MAINTAINABILITY APPROACH 
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NASA TO DATE HAS HAD LIMITED EXPERIENCE WITH SUCCESSFULLY ADDRESSED THIS 
PROBLEM. 
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MAJOR FACTORS TO BE CONSIDERED IN THE IMPLEMENTATION OF MAINTAINABILITY AND COMMONALITY 
REQUIREMENTS 
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F. J. Logan 
NASA GSFC 


MAINTAINABILITY 

HP-3 


The GSFC role, with respect to maintainability Is highlighted by the 
diverse SSPE's that the GSFC Is responsible for. Despite the differences 
between the platforms, the attached payloads, assembly and servicing 
facilities, and the outfitting of a lab module, the key to a successful 
maintainability program for all four WP-3 elements Is the ability to 
conduct three-way Iterative trades between maintainability studies, 
preliminary system designers, and design to cost. The NASA managers have 
the responsibility to Insure that this iterative process converges on the 
desired system at SDR. 

To arrive at the optimum maintenance program for each WP-3 element will 
require a concerted effort Involving WP-3, the other HP's, and the Phase B 
contractors. The contractors have a hard requirement to develop an 
on-orbit maintenance plan; to develop the plan will require hard decisions 
by WP-3 In defining parameters that must be studied, and Insuring that the 
feedback to the designers Is continuous. Inputs from the other HP's are 
required for ORU commonality studies that impact the maintenance plan. Some 
of the issues that must be resolved to satisfy the requirement for 
Indefinite station life are: 

o % of crew time available for maintenance 

o Trade reliability vs. maintenance 

o Trade cost optimization vs. availability 

o Logistic space on board the Space Station 

o Resupply frequency 

o Criticality of element or subsystem 

o Safety 

o Commonality 

o Cost of built-in test equipment and diagnostic equipment 
vs. manual operation 

Experience at GSFC 


The GSFC is not without experience In the development of flight hardware 
that requires maintenance. In the mid -seventies, the first in-orbit 
maintainable spacecraft, the Multimission Modular Spacecraft (MMS), was 
developed at GSFC. 

The basic premise of the MMS design was to isolate functional distribution 
so that when a failure occured, only one module would have to be replaced, 
and It was readily Identified. This philosophy could be used In the 
design of Space Station ORU's to facilitate fault Isolation and ORU 
design. The MMS module attachment fittings, with the associated blind mate 
scoop-proof electrical connectors were originally designed to be remotely 
serviced using the RMS with the service tool attached. This proven design 
Is one possible solution for Space Station ORU's. 
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Although the MM8 Flight Support System (FSS) is not planned to be serviced 
In orbit, the system was designed for maintainability with an expected life 
of fifty missions. The design philosophy used In the design of the 12 
mechanisms could apply to the required mechanisms on the Space Station 
servicing facility and other Space Station mechanisms. Each mechanism 
consisted of a command drive unit with two motors , gearing, brake and 
overload switch, providing full redundancy up to the output shaft. All 
mechanisms have a manual override In the unlikely event that a failure 
would occur In the mechanism. Another FSS design feature that could apply 
to the Space Station Is the thermal blankets with removeable outer layer 
painted with a white thermal finish. When the thermal paint deteriorates , 
the outer blanket Is removed and replaced with the remaining layers left 
Intact. This could be carried further for Space Station with several 
layers painted and removed as they lose their effectlvlty. 
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FAULT-TOLERANT SYSTEMS BENEFITS TO SPACE STATION 
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FAULT-TOLERANT DESIGN FEATURES AFFECTING 
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APPENDIX C 


Code Designator for Group Described:, 


Commission on Engineering and 
Technical Systems 

ASSEMBLY OR COMMISSION 

Air Force Studies Board 

DIVISION, - OFFICE, or BOARD 


Committee on Fault Isolation 
COMMITTEE 

SUB-UNIT 

Vernon H. Miles 


Staff Officer: 


STATEMENT OF TASK 


The ability of the United States Air Force to generate and sustain wartime 
sortie rates or up time of non-flying systems is severely affected by the 
ability of maintenance personnel to rapidly isolate, and subsequently replace 
or repair malfunctioning components. Self repairing and self reconf igurable 
systems of the future are absolutely dependent on an ability to isolate 
malfunctions in order to respond with an optimum alternative. Requirements 
for maintenance manpower and training depend on the effectiveness of fault 
isolation systems and techniques ranging from Built in Test (BIT) and . 
Automatic Teat Equipment (ATE) to technical data for troubleshooting and - 
manual test equipment. Among the Air Force systems and subsystems of interest 
are avionics, flight conttol systems, propulsion equipment, secondary power 
systems, ground coramunici;tions-eleetronics , and missile systems, both tactical 
and strategic. Modern technology offers the opportunity to improve the power, 
accuracy and reliabilty of fault isolation systems. 

The study will essentially consist of four tasks: 

1. Determine the United States Air Force's present use of fault 
isolation, Che present state-of-the-art of fault isolation, and 
assess them against the requirements for fault isolation capability 
out to the year 2000* 

2. Analyze the potential for advancing the present state-of-the-art and 
potential pay-off for various levels of improvement. 

3. Assess the possibility of reducing the Air Force's requirements for 
skilled maintenance personnel through improved fault isolation 
systems, with particular attention to the application of artificial 
intelligence technology. 

A. Recommend future research and exploratory development that will^ 

achieve the necessary improvement in fault isolation for the United 
States Air Force's equipment and systems. 

The Air Force Studies Board will conduct a three week summer study on Fault 
Isolation. 

The Air Force Studies Board is supported by Contract No. FA9620-83-C-0111 
with Headquarters, Air Foree Systems Command, Andrews Air Force Base, Maryland, 


November 13, 198A 

(date of Statement) . COMMITTEE RECORDS FORM #1 
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Further Deliberations 


Statements by J . W. Schaefer and P. E. Partridge 
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■It W. Bciutm) 
Biu. Ukuutdiiib 
Wiopp*r*v, N. ;. 01 OM 
coob roj a?< .oeoo 


March 25, 1985 


Mr. L. R. Greenwood 
Mission Planning S Program 
Development Director 
Fairchild Space Company 
Century 21 Blvd. 

Germantown, MD 20874 

Dear Ron, 

Since our meeting In Huntsville last Wednesday and Thursday, 

I have thought more about the suggestions I made on maintenance 
of the Space Station. In particular, I think that the Remote 
Maintenance and Test System concept is Important to the success 
of the Space Station. In retrospect, I should have done a better 
job in describing the manner In which It could be used to save 
crew- time and training as well as provide comprehensive and continual 
monitoring of the status of the equipment on-board the Space 
Station. My description was certainly too general to adequately- 
convey the potential utility of the remote maintenance facility 
and the similarity to the one that we provided for the Dimension 
PBX. I will summarize my thoughts below. 

A computer based terminal on the ground would be used by an expert 
maintenance craftsman who would dial-up the "address" of the 
equipment he wishes to test. The ground-based computer would 
Interrogate the test points of the on-board equipment via a digital 
transmission link between the ground station and the Space Station. 

A programmed sequence of tests would be administered automatically 

to verify that the equipment Is working properly. The tests 

would be designed so that. If any step in the sequence falls, 

the failure voul d be Isolated on a printout to the smallest replaceabl 

unit. 

The remote maintenance system's capability to perform software 
maintenance would be just as Important as Its ability to test and 
diagnose hardware operations. Program "bugs" could be detected 
and fixed from the remote keyboard. Software updates and other 
program changes would be inserted In the same manner. Of course, 
any changes In the program would have been thoroughly checked 
out In identical processors on the ground before being transmitted 
and Inserted in the processor aloft. 
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The use of a ground-based remote maintenance system would (1) 
reduce the time the crew need spend working on the equipment, 

(2) reduce the software and diagnostic training required by the 
crew, and (3) provide more comprehensive preventative maintenance 
and failure analysis. 

Even though there seemed to be general agreement at our meeting 
with the attributes of remote maintenance as outlined above, 

I believe that the need for early action was not fully appreciated. 

The design of the maintenance system affects every circuit board 
and sub-assembly. The test points that need to be monitored 
must be made accessible at connectors and the transmission system 
must be standardized. To accomplish this, maintenance must be 
treated as a single system and Its design must be started at 
least as early as any of the rest of the equipment. 

The various design organizations will each have their own priorities 
and will tend to worry about maintenance only after their primary 
role has been satisfied. From my experience, maintenance systems 
cannot be an afterthought or overlay at the end of the design 
process. 

The organization responsible for the maintenance system design 
will need some authority to assure that their requirements are 
honored by the rest of project. It Is Important that they get 
started now. It will be difficult to Implement such procedures 
in the Space Station project because of the way NASA has It organized. 

If there Is Interest within NASA to pursue this concept further, 

I villi be happy to arrange for a more complete discussion of 
the remote maintenance systems that are used in the telephone 
plant. 



W. Schaefer 
AT&T Bell Laboratories 
Room 5A-306 
190 River Road 
Summit, NJ 07901 


CC: 


Bernard Maggin 
National Research Council 
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If the Space Station is truly to have an indefinite 
life with evolutionary growth then a fundamental a si mu mot ion 
in developing a viable maintainability Philosophy is that 
eventual Xv? at one time or another? every element of the 
station will be replaced due to wearoutv failure? or 
ob sol ©sene e,. Therefore* every element must be replaceable 
either as an individual item or as a part of a larger 
replaceable assembly- Furthermore ? a rationale must be 
developed trust determines when and how replacement will 
occur under the constraint of maximum safety and continuity 
of mission operations at minimum cost- 

The concert of minimum cost needs further development 
and definition.. It is difficult to define life cycle cost 
for a system that is evolutionary with indefinite life- For 
life e vc ,1. © costing purposes? it may be desireabl e to define 
the system life as XQC + ten years? for example,, 

Based on my own experience I wish to strongly endorse 
the concept that cost can be minimized by using? wherever 
possible? existing proven hi—rel designs that utili -.© 
currently available standard hi-rel parts adding redundancy 
where needed for critical functions- In addition? I 
strongly endorse the use of Failure Mode and Effects 
Criticality Analysis <FMECA> or alternatively? Fault Tree 
Analysis? as powerful design analysis tools for 
establishing cause and effect relationship© and their 
probabilities- These analysis techniques should be 
extensively utilized in the development of any new designs 
that may be required .. 

If maintainability is important to the Space Station? 
as it Properly should be? then it needs to be made a first 
level requirement? be given strong emphasis and high 
visibility? and receive top level management attention and 
advocacy- Contractors must be provided with a clear 
statement of maintainability objectives and an overview of 
the important issues? concerts and suggested approaches 
associated with maintainability.. They must be encouraged to 
use their initiative to find imaginative and creative 
solutions to maintainability problems and incentivised on 
the basis of how well they perform against maintainability 
objectives- Reviews at all levels must include 
main tainab i 1 it / as a specific topic to be addressed and 
must Judge the proposed maintainability approach on the 
basis of its consistency with overall program objectives.. 


Of possible per irne rial interest to NASA and its 
contractors with regard to mairitai nab :i 1 it 1 * technology is 
the 40 tn Meet, .in :J of the Mechanical Failures Prevention 
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Group being held on April * 1988 at the National 

Bureau of Standards in Gaithersburg » Maryland. This meeting 
•is -featuring a symposium on the Use of New Technology to 
improve Mechanical Readiness* Reliability and 
Maintainability. The symposium is sponsored bv the National 
Bureau of Standards* the Office of Naval Research and the 
Army Materials and Mechanics Research Center with 
participation by the IEEE Reliability Society.. A copy of 
the symposium announcement and program schedule of 
technical presentations is enclosed,, A review of the 
presentation titles indicates that there mav be some 
material applicable to Space Station maintainability- 


